Privacy Policy

treatments

PRIVACY POLICY

GB Spa

Introduction
We would like to assure you that for us at “LAMPSA HELLENIC HOTELS S.A.” (Tax Reg. No. 094008519, registered address: 1, Vasileos Georgiou A Str., GR 10564, email: info@lampsa.gr, tel.:(+30)2103330000, website: www.lampsa.gr) (hereinafter the “Company”, “we” or “us”), protecting the personal information of our customers is a top priority. Therefore, we take all steps necessary to protect any customer data processed by us and to further ensure that such processing is performed, both by us and by our third-party associates, strictly in line with the requirements of the applicable laws.
We would also like to assure you that we collect no data relating to minor persons under the age of 18 years.

Data Controller – Data Protection Officer (DPO)
We hereby inform you that, for reasons pertaining to the performance of our business operations, we process certain personal data of our customers in accordance with the applicable national laws and Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as “the Regulation”), as in force.
For any data-processing matters, please contact our Data Protection Officer (DPO) Mr. Foivos Chandakas at: dpo@lampsa.gr, fax: (+30)210322 8034.

Processing Purposes and Use of your Data
We use your information in various ways, depending on the purpose of the processing.
In some situations the Company may not be able perform particular functions unless it has collected specific personal data from its customers, e.g. information required to execute online orders.
Your personal data may be processed in the context of transactions involving goods or services you wish to purchase from our physical store or online at https://www.gbspa.gr.

More specifically:
Personal data required to execute orders or provide services and to be able to support you, consists in the following:
• Your name and surname (for individuals) or corporate name Tax Registration Number, Tax Office, type of activity and the full name of the recipient of the order (for businesses), so that we know who will take delivery of your order;
• Your full billing and/or delivery address (street, number, zip code, city), so that you can receive your order at your preferable location;
• Your landline phone number, so that we can contact you for any matters pertaining to your order or our services;
• Your mobile phone number, so we can contact you through text messages and/or by phone for any matters pertaining to your order or our services;
• Your e-mail address, so that you can receive updates about your order or our services.
The above information is also essential for identifying and preventing fraudulent activities targeted either against you or against our Company.
Also, subject to your consent and the disclosure of your relevant personal information required in each case, either by creating a user account through this website, signing up to our customer loyalty program (https://www.gbspa.gr), purchasing goods or services at our physical store or online, subscribing to our newsletters or profiling, the following options are also available:

Subscribing to Newsletters, Updates and Offers:
In order to subscribe to our newsletters, receive updates and/or offers and/or promotions, you need to state your e-mail address to a physical store or online.
By subscribing to our newsletters and personalised updates, you explicitly consent to receiving updates and/or offers and/or promotions from us by e-mail, text messages or instant messaging through the relevant applications (e.g. SMS, Viber, Push Notifications, etc.).

Creating a User Account:
In order to create a user account on our online store, you need to state an e-mail address and set up your own access credentials.
By registering at https://www.gbspa.gr you explicitly consent to receiving updates and/or offers and/or promotions by email and text messages.

Customer Satisfaction Surveys:
Any personal data we collect through our website and/or our physical store is used for your participation in Customer Satisfaction Surveys, subject to the specific requirements of the applicable laws. Customer Satisfaction Surveys are currently conducted through electronic communications with our customers.

Profiling:
We wish to offer you the best browsing experience; therefore the personal data we collect from you may be used to send you personalized updates, subject to your consent and the specific requirements of the applicable laws.

Creating a User Account through Social Media:
To create a user account through social media, you have to provide your prior consent to the social media concerned.
Information we essentially obtain from your social media accounts is your email address.
Any additional information depends on the social media concerned. Such additional information may include your gender or date of birth, or both, if both are designated as publicly available information.
By creating a user account as above, you consent to placing future orders for goods or services without re-entering your details. You will be able to enjoy an optimal experience by accessing your account details, your order history, the status of your pending orders, your Favourites and all settings available on “My Account” page.
This way you can access all your information, and complete or modify it as appropriate. You can also enter in your account any information necessary for the execution of your orders, so that you need not fill it in every time you place a new order.
You may optionally provide additional information, such as your gender and date of birth, which will enable us to offer you even more customised and personalized information.

Credit/Debit Card Details
Your credit/debit card details will be requested upon completion of your order, if you have selected this payment method, and will be transmitted by us to Alpha Bank S.A., through a secure environment, exclusively for the purpose of completing the transaction. Your credit/debit card details are not stored in our electronic systems or physical records.
For card holder verification purposes, we may need to forward your card details to a third-party provider cooperating with the bank that conducts the card payment process.

Legitimate Grounds for Personal Data Processing
Personal data which is disclosed to us with your explicit consent will only be processed by us where there are legitimate grounds.
Legitimate grounds for personal data processing include:
• Execution of sale and purchase transactions in respect of goods or services you have purchased from our physical store or online and, as such, performance of our relevant contractual obligations; evidence of your order; after-sales support; contacting you about your orders or whenever this is reasonably required; compliance with any statutory or regulatory requirements; dispute resolution purposes; prevention of fraud and abusive conduct;
• Securing and protecting both your and our own legitimate interests. For this purpose, we use closed circuit television (CCTV) and security cameras at our physical store, in order to ensure the safety of our customers and installations, as well as specialised security software to detect and prevent malicious activities. In particular, through our online store we collect information such as your IP address, location information, user devices, etc., in order to detect and prevent fraud or illegitimate use of our website;
• Compliance with various statutory obligations, e.g. regulatory compliance with tax or e-commerce legislation;
• Your consent, which is given to us under the specific conditions imposed by the applicable laws, in order to subscribe to our newsletters, receive product updates, offers and/or promotions, participate in customer satisfaction surveys, receive personalized updates, etc.

Use of our Online Store by Minors and Children
Our products or services are not available online to children and minors under the age of 18 years.
If you are under the age of 18 years, you may only make purchases through our website with the participation and consent of your parent or guardian.

Data Transmission to Third Parties
In the context of the processing purposes described above, we may disclose or transmit your personal data to our subsidiaries or affiliates or to third-party service providers, who contribute to the efficient operation of this website, including, but not limited to, providers of technology services for the protection and security of our electronic systems; advertising agencies, as well as firms that we associate with to implement corporate programs and customer reward programs; and customer satisfaction survey companies.
More specifically, any information necessary to implement each transaction performed through our online store is transmitted to those of our associates who are responsible for implementing the relevant scope of our agreement, e.g. logistics service providers, carriers, order management service providers, etc.
In all these situations, the Company remains responsible for the processing of your personal data, defines the particular details of the processing and signs special agreements with any third parties assigned processing duties, in order to ensure that the processing is carried out in accordance with the applicable laws and that all individuals can freely exercise the rights conferred to them under the applicable legislation.

Data Retention
The Company undertakes to keep strictly confidential all records of personal data collected through our website or physical store, including your transaction history with our online store at https://www.gbspa.gr and to keep such records exclusively for the processing purposes listed above.
The retention period of your data is determined on the basis of the following specific criteria, as appropriate:
• If processing is required under any applicable laws, your personal data is stored for as long as this is required under the relevant provisions.
• If processing is conducted on the basis of a contract, your personal data is stored for as long as this is necessary to implement the contract and to establish, exercise, and/or defend any legal claims under the contract.
• For various advertising/promotional activities (marketing activities), your personal data is stored until your consent is withdrawn. You can exercise this option any time. Withdrawal of your consent shall not affect the legality of consent-based processing in the period prior to such withdrawal.
• We will also store the details of the account you have created on our website for as long as you keep the account and do not request its deletion. Insofar as this is necessary to comply with any with legal or regulatory requirements; for dispute resolution purposes; to prevent fraud or other abusive conduct; or to enforce any terms and conditions of access to our website, we may retain your data for as long as this may be necessary even after your account is deleted.
To withdraw your consent, please contact our Data Protection Officer (DPO) at the following contact details:
email: dpo@lampsa.gr, fax: (+30) 210322 8034

Your Data Processing Rights
Any individual whose data are processed by the Company shall have the following rights:

Right of access:
You have the right of direct access to information on any matters pertaining to your personal data, including the right to verify when or how your data was initially stored and the right to be informed of the data processing and protection methodologies applied.

Right to rectification:
You have the right to review, rectify, update or modify your personal data.

Right to erasure:
You have the right to file a written request for erasure of your personal data from our records at any time, where we have processed your data on the basis of your prior consent. In all other situations (e.g. where there is a contract in place or data processing obligations imposed by law, or where this serves the public interest), this right may be subject to specific restrictions or may even be unenforceable, as the case may be.

Right to restriction of processing:
You have the right to request the restriction of processing of your personal data in the following situations: (a) if you contest the accuracy of your personal data, until such accuracy is verified; (b) if you do not wish to have your personal data erased and request a restriction of use instead; (c) if your personal data is no longer needed for the relevant processing purposes, but it is required for the establishment, exercise or defence of legal claims; and (d) if you object to processing, until it is verified that there are legitimate grounds for processing, overriding the reasons for which you object to the processing.

Right to object:
You have the right to object to the processing of your personal data any time, in any situations where, as it is thoroughly described above, such processing is required for the legitimate purposes we pursue as data controllers. You may also object to processing for direct marketing and profiling purposes.

Right to data portability:
You have the right to obtain free of charge a copy of the “customer record” containing your personal data in electronic or printed form, in order to access, verify or process your data under any common processing method. You also have the right to request that your data be transmitted directly to another controller, where technically feasible. You may exercise this right in respect of any data you have provided us, which is processed by automated means, on the basis of a prior consent or a contract.

Right to withdraw consent:
Lastly, the Company informs you that, in situations where your personal data is processed on the basis of your prior consent, you have the right to freely withdraw your consent, without affecting the legality of consent-based processing in the period prior to such withdrawal.

To exercise any of the above rights, you may contact our DPO at the following contact details: email: dpo@lampsa.gr, fax: (+30) 210322 8034.

Right to file a complaint with the Hellenic Data Protection Authority
You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr): Call Centre: (+30) 210 6475600, Fax: (+30) 210 6475628, Email: contact@dpa.gr

Personal Data Security
The Company takes all necessary technical and organisational measures to ensure the secure processing of your personal data and to prevent any accidental loss or destruction and any unauthorised and/or illegal access, use, alteration or disclosure of your data. However, given the way that Internet works and the fact that it is freely accessible to anyone, we are unable to guarantee that no unauthorised third parties will ever be able to circumvent such measures and gain access, or even make use of, your personal data for unauthorised and/or unlawful purposes.

Profiling:
We wish to offer you the best browsing experience; therefore the personal data we collect from you may be used to send you personalized updates, subject to your consent and the specific requirements of the applicable laws.

Creating a User Account through Social Media:
To create a user account through social media, you have to provide your prior consent to the social media concerned.
Information we essentially obtain from your social media accounts is your email address.
Any additional information depends on the social media concerned. Such additional information may include your gender or date of birth, or both, if both are designated as publicly available information.
By creating a user account as above, you consent to placing future orders for goods or services without re-entering your details. You will be able to enjoy an optimal experience by accessing your account details, your order history, the status of your pending orders, your Favourites and all settings available on “My Account” page.
This way you can access all your information, and complete or modify it as appropriate. You can also enter in your account any information necessary for the execution of your orders, so that you need not fill it in every time you place a new order.
You may optionally provide additional information, such as your gender and date of birth, which will enable us to offer you even more customised and personalized information.

Credit/Debit Card Details
Your credit/debit card details will be requested upon completion of your order, if you have selected this payment method, and will be transmitted by us to Alpha Bank S.A., through a secure environment, exclusively for the purpose of completing the transaction. Your credit/debit card details are not stored in our electronic systems or physical records.
For card holder verification purposes, we may need to forward your card details to a third-party provider cooperating with the bank that conducts the card payment process.

Legitimate Grounds for Personal Data Processing
Personal data which is disclosed to us with your explicit consent will only be processed by us where there are legitimate grounds.
Legitimate grounds for personal data processing include:
• Execution of sale and purchase transactions in respect of goods or services you have purchased from our physical store or online and, as such, performance of our relevant contractual obligations; evidence of your order; after-sales support; contacting you about your orders or whenever this is reasonably required; compliance with any statutory or regulatory requirements; dispute resolution purposes; prevention of fraud and abusive conduct;
• Securing and protecting both your and our own legitimate interests. For this purpose, we use closed circuit television (CCTV) and security cameras at our physical store, in order to ensure the safety of our customers and installations, as well as specialized security software to detect and prevent malicious activities. In particular, through our online store, we collect information such as your IP address, location information, user devices, etc., in order to detect and prevent fraud or illegitimate use of our website;
• Compliance with various statutory obligations, e.g. regulatory compliance with tax or e-commerce legislation;
• Your consent, which is given to us under the specific conditions imposed by the applicable laws, in order to subscribe to our newsletters, receive product updates, offers and/or promotions, participate in customer satisfaction surveys, receive personalized updates, etc.

Use of our Online Store by Minors and Children
Our products or services are not available online to children and minors under the age of 18 years.
If you are under the age of 18 years, you may only make purchases through our website with the participation and consent of your parent or guardian.

Data Transmission to Third Parties
In the context of the processing purposes described above, we may disclose or transmit your personal data to our subsidiaries or affiliates or to third-party service providers, who contribute to the efficient operation of this website, including, but not limited to, providers of technology services for the protection and security of our electronic systems; advertising agencies, as well as firms that we associate with to implement corporate programs and customer reward programs; and customer satisfaction survey companies.
More specifically, any information necessary to implement each transaction performed through our online store is transmitted to those of our associates who are responsible for implementing the relevant scope of our agreement, e.g. logistics service providers, carriers, order management service providers, etc.
In all these situations, the Company remains responsible for the processing of your personal data, defines the particular details of the processing and signs special agreements with any third parties assigned processing duties, in order to ensure that the processing is carried out in accordance with the applicable laws and that all individuals can freely exercise the rights conferred to them under the applicable legislation.

Data Retention
The Company undertakes to keep strictly confidential all records of personal data collected through our website or physical store, including your transaction history with our online store at https://www.gbspa.gr and to keep such records exclusively for the processing purposes listed above.
The retention period of your data is determined on the basis of the following specific criteria, as appropriate:
• If processing is required under any applicable laws, your personal data is stored for as long as this is required under the relevant provisions.
• If processing is conducted on the basis of a contract, your personal data is stored for as long as this is necessary to implement the contract and to establish, exercise, and/or defend any legal claims under the contract.
• For various advertising/promotional activities (marketing activities), your personal data is stored until your consent is withdrawn. You can exercise this option any time. Withdrawal of your consent shall not affect the legality of consent-based processing in the period prior to such withdrawal.
• We will also store the details of the account you have created on our website for as long as you keep the account and do not request its deletion. Insofar as this is necessary to comply with any with legal or regulatory requirements; for dispute resolution purposes; to prevent fraud or other abusive conduct; or to enforce any terms and conditions of access to our website, we may retain your data for as long as this may be necessary even after your account is deleted.
To withdraw your consent, please contact our Data Protection Officer (DPO) at the following contact details:
email: dpo@lampsa.gr, fax: (+30) 210322 8034

Your Data Processing Rights
Any individual whose data are processed by the Company shall have the following rights:

Right of access:
You have the right of direct access to information on any matters pertaining to your personal data, including the right to verify when or how your data was initially stored and the right to be informed of the data processing and protection methodologies applied.

Right to rectification:
You have the right to review, rectify, update or modify your personal data.

Right to erasure:
You have the right to file a written request for erasure of your personal data from our records at any time, where we have processed your data on the basis of your prior consent. In all other situations (e.g. where there is a contract in place or data processing obligations imposed by law, or where this serves the public interest), this right may be subject to specific restrictions or may even be unenforceable, as the case may be.

Right to restriction of processing:
You have the right to request the restriction of processing of your personal data in the following situations: (a) if you contest the accuracy of your personal data, until such accuracy is verified; (b) if you do not wish to have your personal data erased and request a restriction of use instead; (c) if your personal data is no longer needed for the relevant processing purposes, but it is required for the establishment, exercise or defence of legal claims; and (d) if you object to processing, until it is verified that there are legitimate grounds for processing, overriding the reasons for which you object to the processing.

Right to object:
You have the right to object to the processing of your personal data any time, in any situations where, as it is thoroughly described above, such processing is required for the legitimate purposes we pursue as data controllers. You may also object to processing for direct marketing and profiling purposes.

Right to data portability:
You have the right to obtain free of charge a copy of the “customer record” containing your personal data in electronic or printed form, in order to access, verify or process your data under any common processing method. You also have the right to request that your data be transmitted directly to another controller, where technically feasible. You may exercise this right in respect of any data you have provided us, which is processed by automated means, on the basis of a prior consent or a contract.

Right to withdraw consent:
Lastly, the Company informs you that, in situations where your personal data is processed on the basis of your prior consent, you have the right to freely withdraw your consent, without affecting the legality of consent-based processing in the period prior to such withdrawal.

To exercise any of the above rights, you may contact our DPO at the following contact details: email: dpo@lampsa.gr, fax: (+30) 210322 8034.

Right to file a complaint with the Hellenic Data Protection Authority
You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr): Call Centre: (+30) 210 6475600, Fax: (+30) 210 6475628, Email: contact@dpa.gr

Personal Data Security
The Company takes all necessary technical and organisational measures to ensure the secure processing of your personal data and to prevent any accidental loss or destruction and any unauthorised and/or illegal access, use, alteration or disclosure of your data. However, given the way that Internet works and the fact that it is freely accessible to anyone, we are unable to guarantee that no unauthorised third parties will ever be able to circumvent such measures and gain access, or even make use of, your personal data for unauthorised and/or unlawful purposes.

READ MORE